Hello,
I've tried to setup phpldapadmin but it fails after login with this error : --- Our attempts to find your SCHEMA for "attributetypes" have FAILED. ---
I've read that Fedora DS works with phpldapadmin and that this error can be due to wrong acl : http://wiki.pldapadmin.com/tiki-view_faq.php?faqId=1#q11
I've created a special user phpldapadmin but don't know what rights to give to him as I haven't found cn=subschema
Would someone have an idea ?
Regards,
Mikael,
I just got phpLdapAdmin working with fds today. I installed fds on fc4 and followed the setup for example.com.
When I configured PLA, I had to define the server 'base' setting in /var/www/html/phpldapadmin/config/config.php ('dc=example,dc=com') because PLA said it could not find the rootDSE. But I was able to authenticate using the cn=Directory Manager that was created during setup.
I also found I needed to edit /etc/php.ini to increase the memory for PHP. I was getting errors in the http server log.
If someone has a tip about phpldapadmin being able to get the naming contexts from rootDSE, I'd appreciate it.
Thanks,
Toby
On 6/16/06, Mikael Kermorgant mikael.kermorgant@gmail.com wrote:
Hello,
I've tried to setup phpldapadmin but it fails after login with this error :
Our attempts to find your SCHEMA for "attributetypes" have FAILED.
I've read that Fedora DS works with phpldapadmin and that this error can be due to wrong acl : http://wiki.pldapadmin.com/tiki-view_faq.php?faqId=1#q11
I've created a special user phpldapadmin but don't know what rights to give to him as I haven't found cn=subschema
Would someone have an idea ?
Regards,
Mikael Kermorgant
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Thanks Toby !
Increasing the memory limit in php.ini was the solution for me. For the record, as I've removed anonymous access, I had to add this acl to get phpldapadmin working :
(targetattr = "subschemaSubentry || aliasedObjectName || hasSubordinates || objectClasses || namingContexts || matchingRuleUse || ldapSchemas || attributeTypes || serverRoot || modifyTimestamp || icsAllowRights || matchingRules || creatorsName || dn || ldapSyntaxes || createTimestamp") (version 3.0; acl "Acces anonyme au schema"; allow (read,compare,search) (userdn = "ldap:///anyone") ;)
(Maybe modifying userdn to the bind user I use in phpldapadmin could work, I have to try it).
Best regards,
Mikael
Great! Thanks for the info on anonymous access as that will be useful for me also.
I should add to this thread that the memory errors encountered by PLA caused it to complain about not being able to read the root and even when I specified a base in the config.php, it did not display the tree of directory nodes in the left navigation area. I changed /etc/php.ini to specify 32M instead of 8M. I'll have to go back and remove the 'base' setting in config.php to see if PLA successfully reads the root now.
Toby
On 6/17/06, Mikael Kermorgant mikael.kermorgant@gmail.com wrote:
Thanks Toby !
Increasing the memory limit in php.ini was the solution for me. For the record, as I've removed anonymous access, I had to add this acl to get phpldapadmin working :
(targetattr = "subschemaSubentry || aliasedObjectName || hasSubordinates || objectClasses || namingContexts || matchingRuleUse || ldapSchemas || attributeTypes || serverRoot || modifyTimestamp || icsAllowRights || matchingRules || creatorsName || dn || ldapSyntaxes || createTimestamp") (version 3.0; acl "Acces anonyme au schema"; allow (read,compare,search) (userdn = "ldap:///anyone") ;)
(Maybe modifying userdn to the bind user I use in phpldapadmin could work, I have to try it).
Best regards,
Mikael
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
2006/6/17, Toby Kraft toby.kraft@gmail.com:
Great! Thanks for the info on anonymous access as that will be useful for me also.
I should add to this thread that the memory errors encountered by PLA caused it to complain about not being able to read the root and even when I specified a base in the config.php, it did not display the tree of directory nodes in the left navigation area. I changed /etc/php.ini to specify 32M instead of 8M. I'll have to go back and remove the 'base' setting in config.php to see if PLA successfully reads the root now.
Glad to hear the acl will be useful, I've suffered a bit to find it out ;) For the sake of precision, I've modified the acl by changing restricting access to a specific user (which phpldapadmin should bind with) but it does not work.
Best regards,
389-users@lists.fedoraproject.org